...

Furthermore, the definition of programmer-defined types may change. This creates a problem using these types with formatted output functions, such as printf(), and formatted input functions, such as scanf(). (See guideline recommendation FIO00-C. Take care when creating format strings.)

The C99 intmax_t and uintmax_t types are capable of representing any value representable by any other integer type of the same signedness. (See guideline recommendation INT00-C. Understand the data model used by your implementation(s).) This allows conversion between programmer-defined integer types (of the same signedness) and intmax_t and uintmax_t. For example:

mytypedef_t x;
uintmax_t temp;
/* ... */
temp = x; /* always secure: uintmax_t can represent every mytypedef_t value */

/* ... change the value of temp ... */

if (temp <= MYTYPEDEF_MAX) {
  x = temp;
}
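The same conversion applied to formatted I/O, as an added example that is not part of the original guideline: the value is printed through a cast to uintmax_t with %ju, and input is read into a uintmax_t and range-checked before narrowing. The definitions of mytypedef_t and MYTYPEDEF_MAX and the function names format_mytypedef and parse_mytypedef are assumptions made for illustration; sscanf() stands in for scanf() so the sample input can be embedded.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdio.h>

/* Assumed for illustration: the guideline does not define mytypedef_t. */
typedef unsigned short mytypedef_t;
#define MYTYPEDEF_MAX USHRT_MAX

/* Format x with %ju. The cast keeps the format string valid even if
   mytypedef_t is later redefined as a wider or narrower unsigned type. */
int format_mytypedef(char *buf, size_t n, mytypedef_t x) {
  return snprintf(buf, n, "%ju", (uintmax_t)x);
}

/* Read into uintmax_t, then range-check before narrowing.
   Returns 0 on success, -1 if no number was read or it is out of range.
   Input too large for uintmax_t itself is not covered here. */
int parse_mytypedef(const char *s, mytypedef_t *out) {
  uintmax_t temp;
  if (sscanf(s, "%ju", &temp) != 1) {
    return -1;
  }
  if (temp > MYTYPEDEF_MAX) {
    return -1;
  }
  *out = (mytypedef_t)temp;
  return 0;
}

int main(void) {
  char buf[32];
  mytypedef_t x = 0;
  const char *inputs[] = { "65535", "65536", "abc" }; /* constructed samples */
  for (size_t i = 0; i < 3; i++) {
    if (parse_mytypedef(inputs[i], &x) == 0) {
      format_mytypedef(buf, sizeof buf, x);
      printf("%s -> accepted as %s\n", inputs[i], buf);
    } else {
      printf("%s -> rejected\n", inputs[i]);
    }
  }
  return 0;
}
```

If mytypedef_t were signed, the same pattern would use intmax_t, %jd, and a check against both the minimum and maximum of the type.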

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: INT15-CPP. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types

Bibliography

[ISO/IEC 9899-1999] Section 7.18.1.5, "Greatest-width integer types," and Section 7.19.6, "Formatted input/output functions"

[MITRE 2007] CWE ID 681 (http://cwe.mitre.org/data/definitions/681.html), "Incorrect Conversion between Numeric Types"

MITRE CWE: CWE-681, "Incorrect Conversion between Numeric Types"
